Hackers exploited the Heartbleed vulnerability and stole private data concerning 4.5 million patients from hospitals in the US.
The information stolen from Community Health Systems (CHS), which operates across 206 hospitals in the US, includes names, Social Security numbers, and patients’ physical addresses.
Though CHS operates within 28 states, it has a significant presence in Alabama, Florida, Mississippi, Oklahoma, Pennsylvania, Tennessee, and Texas.
The company hired Mandiant, a cybersecurity consultancy, to investigate the origin of the attack.
Mandiant alleges that the hackers were based in China during the attack. The investigation also reports that they used high-profile malware in order to gain access to the private data held on CHS systems.
The hackers were able to access CHS’ systems through Heartbleed, a security bug in OpenSSL discovered by Google’s security team on 1 April 2014.
The Heartbleed bug in OpenSSL, which is used by approximately 17% of the internet, has left millions of passwords and private keys, along with private data, exposed to cyber-attacks and interception by third parties.
Since its discovery in April, many websites have patched their servers in order to protect users’ privacy.
Despite many of the servers being patched, over 300,000 remain vulnerable to attacks.
According to federal investigators, the hackers had previously conducted corporate espionage and targeted information concerning medical devices.
Approximately 4.5 million patients are affected.